When len is 0 (for ex. when the input mac is NULL), parse_mac2str tries to calloc a 0-bytes bloc, which leads to a conditional jump based on uninitialized value (spotted by valgrind).
Signed-off-by: Pierre Chifflier <chifflier@xxxxxx>
---
 filter/ulogd_filter_HWHDR.c | 10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/filter/ulogd_filter_HWHDR.c b/filter/ulogd_filter_HWHDR.c
index af44791..8df4f00 100644
--- a/filter/ulogd_filter_HWHDR.c
+++ b/filter/ulogd_filter_HWHDR.c
@@ -111,13 +111,19 @@ static struct ulogd_key mac2str_keys[] = {
 static int parse_mac2str(struct ulogd_key *ret, unsigned char *mac, int okey, int len)
 {
- char *mac_str = calloc(len/sizeof(char)*3, sizeof(char));
- char *buf_cur = mac_str;
+ char *mac_str;
+ char *buf_cur;
 int i;
+ if (len > 0)
+ mac_str = calloc(len/sizeof(char)*3, sizeof(char));
+ else
+ mac_str = strdup("");
+
 if (mac_str == NULL)
 return ULOGD_IRET_ERR;
+ buf_cur = mac_str;
 for (i = 0; i < len; i++)
 buf_cur += sprintf(buf_cur, "%02x%c", mac[i], i == len - 1 ? 0 : ':');
--
1.5.6.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
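Review bot: The `len > 0` branch still allocates exactly `len*3` bytes, which is one byte too few for the loop that follows. Each `sprintf(buf_cur, "%02x%c", ...)` writes three characters and then its own terminating NUL, so on the last iteration (where `%c` already emits a 0) the terminator lands at offset `len*3`, one byte past the allocation. Reserving room for it, `mac_str = calloc((size_t)len * 3 + 1, sizeof(char));`, keeps that write in bounds; a bounded `snprintf` against the remaining space would also work. Separately, the commit message ties `len == 0` to a NULL `mac`, but nothing in the hunk checks `mac` itself, so a NULL `mac` with a positive `len` would still be dereferenced in the loop; whether callers can produce that is not visible here. The end of parse_mac2str lies outside the hunk.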